Miniorange Oauth Single Sign On — known CVE vulnerabilities
Every CVE whose affected-product data names Miniorange Oauth Single Sign On, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-34155 — CVSS 8.8 (high): Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This…
CVE-2023-1092 — CVSS 6.5 (medium): The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single…
CVE-2023-1093 — CVSS 6.5 (medium): The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could…
CVE-2022-2133 — CVSS 5.3 (medium): The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows…